CVE-2021-47337

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.13.0-rc7

Description A vulnerability in the Linux kernel has been resolved, which involved a bad pointer dereference when the ehandler kthread is invalid. The issue occurred when the error handler thread failed to spawn, causing the shost->ehandler to be set to ERR PTR(-ENOMEM). As a result, the error handler cleanup code in scsi host dev release() would call kthread stop() even if the kthread was not successfully spawned, leading to a NULL pointer dereference. This vulnerability could be exploited to cause a kernel crash or potentially execute arbitrary code.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, ensure that the kernel version is 5.13.0-rc7 or later. If updating the kernel is not feasible, consider applying the patch manually to fix the issue. As a temporary workaround, consider disabling the scsi host dev release() function or restricting access to the vulnerable module until a patch is available.